Runtime Application Self-Protection (RASP)
App Tamper Detection
Approov performs advanced runtime memory analysis to make sure your untampered official app is present. This prevents repackaging, modification and fake app attacks, and gives you complete control over which specific versions of your app are accepted.
Jailbreak and Root Detection
Detects if your app is running on a jailbroken iOS device or a rooted Android device. Such devices pose considerable extra risk, as enhanced privileges allow more advanced hacking tools to run that compromise your app’s sandbox. Such devices may allow data theft from your app or interference with its operation. Approov provides advanced Android Magisk detection, even when Magisk is fully cloaked.
Detect any attempt to connect a debugger to your running app, using a variety of detection techniques and defenses. This removes the risk of data exfiltration and malicious manipulation.
Real users of your app won’t be using an emulator. Hackers will because it allows easier manipulation of the environment, including the underlying operating system. Approov employs various techniques to detect if the app is running in such a risky environment.
Cloner App Detection
There are a large number of cloner apps for Android, enabling the running of multiple instances of your app on a single device. Cloner apps are extremely dangerous from a security perspective since they fundamentally undermine Android sandbox security guarantees, allowing attacks from the cloner app itself or between apps installed in the same cloner.
Hacking Framework Detection
There are a wide range of reverse engineering and function hooking tools available for both iOS and Android. Approov has a wide range of detections for these, detecting Frida, Xposed, Cydia and others. Approov also has defenses against memory dumping approaches.
Monitoring & Metrics
Live metrics are accumulated regarding device usage, attestation forensics, and billing information. Both graphical and report notifications are available.
Configurable Security Policies
Approov provides detections across a wide range of malicious threats. The response to individual threats is fully configurable, allowing you to be flexible depending on individual market circumstances. For instance, it is possible to allow Android rooted devices but not allow specific malicious instrumentation frameworks that can run on rooted devices. You specify which security policies should be enforced and changes apply immediately to active apps.
Attackers continuously evolve their runtime penetration techniques, and Approov stays up to date by providing security detection updates over-the-air without requiring app store updates. This live update service is also used to manage trust certificates and security policies.
DevOps and CI/CD Integration
The Approov service is managed by a uniform command line tool available on Windows, MacOS, and Linux for easy integration into DevOps flows. Role based, and password protected, access is provided with management tokens delivering second factor account protection.
The Approov service is deployed in AWS and Google Cloud which both meet the requirements of an extensive list of global security standards such as SOC, PCI, HIPAA, FedRAMP, HITRUST. Data collection is fully GDPR compliant. See our guide on The Security and Compliance of the Approov Solution.